Security Update: LogMeIn and LastPast Phishing Scam

Updated 07/24/2021


Abnormal Security has spotted a new phishing attack that pretends to be a security update from LogMeIn, a popular remote software product.

This new scam is more than likely targeting at-home workers due to the influx of stay at home orders due to the Covid-19 virus.

The email states that there is a fix for a zero-day vulnerability in both LogMeIn Central and LogMeIn Pro.

If the update is not applied, the user's account will supposedly be suspended.

The link brings the user to a fake login page where they are prompted to log in to their account.

Once their credentials are captured, the hackers now have access to their information.

One of the biggest concerns is that LastPass, a popular password storage program who's parent company is LogMeIn uses single sign-on authorization with LogMeIn. This means LastPass may also be vulnerable, and users should be aware their passwords may be in danger.